changeset 3971:ae5ac41c391d

mod_rest: Improve auth error reporting
author Kim Alvefur <zash@zash.se>
date Sun, 12 Apr 2020 18:07:16 +0200
parents e0f3e29ab18a
children 45c5603a6c07
files mod_rest/mod_rest.lua
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_rest/mod_rest.lua	Tue Apr 07 22:11:52 2020 +0200
+++ b/mod_rest/mod_rest.lua	Sun Apr 12 18:07:16 2020 +0200
@@ -116,6 +116,8 @@
 end
 
 local post_errors = {
+	noauthz = { code = 401, type = "auth", condition = "not-authorized", text = "No credentials provided" },
+	unauthz = { code = 403, type = "auth", condition = "not-authorized", text = "Credentials not accepted" },
 	parse = { code = 400, condition = "not-well-formed", text = "Failed to parse payload", },
 	xmlns = { code = 422, condition = "invalid-namespace", text = "'xmlns' attribute must be empty", },
 	name = { code = 422, condition = "unsupported-stanza-type", text = "Invalid stanza, must be 'message', 'presence' or 'iq'.", },
@@ -133,11 +135,11 @@
 
 	if not request.headers.authorization then
 		response.headers.www_authenticate = www_authenticate_header;
-		return 401;
+		return errors.new("noauthz", nil, post_errors);
 	else
 		origin = check_credentials(request);
 		if not origin then
-			return 401;
+			return errors.new("unauthz", nil, post_errors);
 		end
 		from = jid.join(origin.username, origin.host, origin.resource);
 	end